Several local vulnerabilities have been discovered in PostgreSQL, anobject-relational SQL database. The Common Vulnerabilities and Exposuresproject identifies the following problems:

CVE-2007-3278

It was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as CVE-2007-6601, since the initial upstream fix was incomplete.

CVE-2007-4769

Tavis Ormandy and Will Drewry discovered that a bug in the handling of back-references inside the regular expressions engine could lead to an out of bands read, resulting in a crash. This constitutes only a security problem if an application using ProgreSQL processes regular expressions from untrusted sources.

CVE-2007-4772

Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked into an infinite loop, resulting in denial of service. This constitutes only a security problem if an application using ProgreSQL processes regular expressions from untrusted sources.

CVE-2007-6067

Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked massive ressource consumption. This constitutes only a security problem if an application using ProgreSQL processes regular expressions from untrusted sources.

CVE-2007-6600

Functions in index expressions could lead to privilege escalation. For a more in depth explanation please see the upstream announce available at http://www.postgresql.org/about/news.905.

For the unstable distribution (sid), these problems have been fixed inversion 8.2.6-1 of postgresql-8.2.

For the stable distribution (etch), these problems have been fixed in versionpostgresql-8.1 8.1.11-0etch1.

The old stable distribution (sarge), doesn't contain postgresql-8.1.

We recommend that you upgrade your postgresql-8.1 (8.1.11-0etch1) package.

Upgrade instructions- --------------------

wget url will fetch the file for youdpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line forsources.list as given below: